Linux-Wireless Archive on lore.kernel.org
* Potential NULL pointer deference in iwlwifi: mvm
@ 2019-10-10  5:02 Yizhuo Zhai
  0 siblings, 0 replies; 3+ messages in thread
From: Yizhuo Zhai @ 2019-10-10  5:02 UTC
  To: Johannes Berg, Emmanuel Grumbach, Luca Coelho,
	Intel Linux Wireless, Kalle Valo, David S. Miller,
	Avigail Grinstein, Haim Dreyfuss, linux-wireless, netdev,
	linux-kernel

Hi All:

drivers/net/wireless/intel/iwlwifi/mvm/power.c:

The function iwl_mvm_vif_from_mac80211() could return NULL,
but some callers in this file do not check the return value and
dereference it directly, which seems potentially unsafe.
Such callers include iwl_mvm_update_d0i3_power_mode(),
iwl_mvm_power_configure_uapsd(),
iwl_mvm_power_allow_uapsd(), etc.



-- 
Kind Regards,

Yizhuo Zhai

Computer Science, Graduate Student
University of California, Riverside


* Re: Potential NULL pointer deference in iwlwifi: mvm
  2019-10-07 19:19 Yizhuo Zhai
@ 2019-10-07 19:21 ` Johannes Berg
  0 siblings, 0 replies; 3+ messages in thread
From: Johannes Berg @ 2019-10-07 19:21 UTC
  To: Yizhuo Zhai, Emmanuel Grumbach, Luca Coelho,
	Intel Linux Wireless, Kalle Valo, Ayala Beker,
	Shahar S Matityahu, Sara Sharon, linux-wireless, netdev,
	linux-kernel, Zhiyun Qian, Chengyu Song

On Mon, 2019-10-07 at 12:19 -0700, Yizhuo Zhai wrote:
> Hi All:
> 
> drivers/net/wireless/intel/iwlwifi/mvm/scan.c:
> 
> Inside function iwl_mvm_power_ps_disabled_iterator(),
> iwl_mvm_vif_from_mac80211()
> could return NULL

No, it can not.

Whatever tool you've used to find this - you should fix it.

johannes



* Potential NULL pointer deference in iwlwifi: mvm
@ 2019-10-07 19:19 Yizhuo Zhai
  2019-10-07 19:21 ` Johannes Berg
  0 siblings, 1 reply; 3+ messages in thread
From: Yizhuo Zhai @ 2019-10-07 19:19 UTC
  To: Johannes Berg, Emmanuel Grumbach, Luca Coelho,
	Intel Linux Wireless, Kalle Valo, Ayala Beker,
	Shahar S Matityahu, Sara Sharon, linux-wireless, netdev,
	linux-kernel, Zhiyun Qian, Chengyu Song

Hi All:

drivers/net/wireless/intel/iwlwifi/mvm/scan.c:

Inside function iwl_mvm_power_ps_disabled_iterator(),
iwl_mvm_vif_from_mac80211()
could return NULL; however, the return value of
iwl_mvm_vif_from_mac80211() is not checked and gets
used. This could potentially be unsafe.

-- 
Kind Regards,

Yizhuo Zhai

Computer Science, Graduate Student
University of California, Riverside

